Scribd
Upload
63 views

WI-How To Request Password Using PPM

This document provides instructions for database administrators (DBAs) to request passwords for privileged database accounts through Merck's Total Privileged Access Management (TPAM) system using Privileged Password Management (PPM) sessions. It outlines the process for logging into TPAM, searching for an account, requesting a password with required details, and viewing the password if approved. The purpose is to define the procedure for DBAs to securely access database servers using privileged accounts that have been onboarded to TPAM.

Uploaded by

Vinu3012
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
63 views

WI-How To Request Password Using PPM

This document provides instructions for database administrators (DBAs) to request passwords for privileged database accounts through Merck's Total Privileged Access Management (TPAM) system using Privileged Password Management (PPM) sessions. It outlines the process for logging into TPAM, searching for an account, requesting a password with required details, and viewing the password if approved. The purpose is to define the procedure for DBAs to securely access database servers using privileged accounts that have been onboarded to TPAM.

Uploaded by

Vinu3012
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 11

Merck & Co., Inc.

WI – How to request Password


using PPM

Database Platform Engineering

Version 1.0
Publication Record
Version Date Author Description
#
1.0 7/31/2014 Reddy Loka Initial Document.
WI – How to request Password using PPM

□ Purpose
The purpose of this article is to define the procedures for accessing database
servers using privileged accounts like ormerck, orasp or windows accounts by
DBAs, via TPAM PPM session.

□ Acronyms and Definitions

Acronym – Term Definition


TPAM Total Privileged Access Management System owned and
managed by IT Risk and Compliance Team.
PSM Privileged Session Management
RDP Remote Desktop
PPM Privileged Password Management
VNC Virtual Network Computing

□ References
ITPLN-0019 - Oracle Database ITPLN-0019 - Oracle Database Services Support Plan.
Services Support Plan The purpose of this document is to define the roles,
responsibilities and procedures involved in managing
the Oracle Database Platform

□ Roles and Responsibilities


The following roles define the intended audience of this SOP. These roles are
used in the task/step descriptions within this standard operating procedure.
Role Role Responsibility
DBA DBAs are required to manage access to database servers that are
on-boarded to PAM system using either PSM or PPM sessions.

□ Conventions
The following table defines the typographical conventions used in this
document.
Identifier Description Example
BOLD New Terms The Modify Node window
Computer Literal transcriptions of computer Command names:
Output output
 
 
  Command names
Use the Search command…
 
  Functions names Use opc_conf () function to
connect
  File Directory names /opt/OV/bin/OpC
Page 3 of 13 SQL Server – Database Platform Engineering Version 1.0
WI – How to request Password using PPM
Identifier Description Example

 
  Process Names Check to see if opcmona is running
Computer Input Literal transcriptions of computer At the prompt, type: uxwsmgt5
input (e.g., user entries to be  
  typed on a keyboard) appear in
bold Courier New font (Computer
Input text style).
{Note} Supplemental explanatory notes {Note: you can not use this feature
appear in italic font and are enclosed to supply variable names which
in braces {}. Such notes do not must be typed in the expression}
contain any required actions, but may
add context information or indicate
why an action is needed. 9pt Font.
!!Warning!! A warning is enclosed in double !!Warning: Be extremely
exclamation marks and font color careful when editing
is red to indicate disastrous /etc/exports!!
results may occur if not adhered
to.
<variable> Text elements delimited by angle (e.g., <ISID>, <account_name>)
brackets represent placeholders
for information that can vary and
must be determined or verified at
the time the procedure is used.
All such variables are listed and
defined in the Entry Criteria
section.
[Button] Buttons on the user interface. Click [Operator] or Click on the
Buttons will be bolded. [Apply] button
Menu Items A menu followed by a colon (:) Select Actions: Utilities
means that you select the menu, ->Reports…
then the item.

When the item is followed by and


(->), a cascading menu follows.
This information will be bolded.
Keycap Keyboard keys. Press RETURN

□ Assumptions
1. Access to TPAM Servers is granted for your ISID
2. The server and the OS account you plan to use is on-boarded to PAM and enabled
for Privileged Session Management (PPM).
a. On UNIX/Linux servers when you try to login, if the server is already on-
boarded to PAM, you would see a message like below.
1. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!
2. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
3. !! This system has been onboarded to TPAM. Please use
the TPAM interface link
4. below to request privileged access to the server.
5. !! TPAM URL: http://tacs.merck.com

Page 4 of 13 SQL Server – Database Platform Engineering Version 1.0


WI – How to request Password using PPM
6. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!
7. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
3. Check the spreadsheet below under “DB Acounts – Oracle” or “DB Accounts –
SQL” to see if the account you plan to login with is already on-boarded to PAM.
i. http://ts1.merck.com/com/it_service_management_office/Docume
nts/302%20-%20Global%20Infrastructure%20Operations/GIO
%20Projects/GIO%20PAM%20on%20boarding/PAM
%20schedule%20final_09162014.xlsx

4. Your ISID is authorized for PPM password request for the server using the
account you plan to use.

5. If the password for a windows service account is being requested, please note that
the services running under that account will be updated with the new password.
Make sure you have an outage scheduled for the affected services and restart the
services to make the new password affective.

□ Instructions

1. Log in to PAM PRD1 console using below URL with your ISID.
https://tacs.merck.com/par
2. Enter your ISID and Password in the popup login window.

3. Click on No in the pop-up window to not close the tab.

Page 5 of 13 SQL Server – Database Platform Engineering Version 1.0


WI – How to request Password using PPM
4. This will open another browser window and takes you to your landing
page (home).
5. Click on Add Password Request

6. Enter the System Name and/or the account name. Adjust Max Rows to
Display value if required. You could also enter partial system and/or
account name followed by % sign. Click on Accounts tab.

7. Select the account for which you are requesting password and click on
Details tab. Please note that the account must be “Available” (in the
Details field) for you to use. On Unix/Linux one PPM request is allowed
Page 6 of 13 SQL Server – Database Platform Engineering Version 1.0
WI – How to request Password using PPM
for each on boarded account on a server.

8. Uncheck “Request Immediate” if this is for a future request and enter


date and time you plan on starting this session. Enter the duration for
which you plan on having the password for. Leave the reason code as is.
For Request Reason please enter a remedy WO/Incident/CRQ/PBI number
that you are trying to resolve/service via this session and also give
additional details so approver can quickly approve/disapprove the request.
If none of the remedy items are applicable then enter a detailed
description. Click on Save Changes.

Page 7 of 13 SQL Server – Database Platform Engineering Version 1.0


WI – How to request Password using PPM

9. If an approval is required for this request (most PPM requests are


configured for approval requirement), email notification would
automatically go to the approvers. Click on Responses and Approvers
Tabs to see those details. Once all the approvals are granted, Password tab
would be enabled. Click on Password to see the account password. This
window will be open for 20 seconds but you can come back to this
window by clicking on Password tab again (no screen print provided to
prevent displaying passwords in WI).

Page 8 of 13 SQL Server – Database Platform Engineering Version 1.0


WI – How to request Password using PPM
10.

Page 9 of 13 SQL Server – Database Platform Engineering Version 1.0


WI – How to request Password using PPM

11. If for any reason you need to extend the Password Request duration you
would have to re-request it. There is no way to extend your current
password request duration.
12. If you are done using the PPM session prior to the expiration of the
window, check the password back. Click on Home icon, Click on Current
Requests tab, click on Request ID. This will open the request. Enter the
details in Camcel/Expire Reason and click on Save Changes. PAM will
now make the account available for other PPM requests and also changes
the password for the account if it is configured for Automatic Password
Management (which is default setting).
Please Note: If the account password is not checked in, PAM will cancel
the request after the request duration expires, makes the account available
for other requests and changes the password immediately account if the
account is configured for Automatic Password Management (which is
default setting).

Page 10 of 13 SQL Server – Database Platform Engineering Version 1.0


WI – How to request Password using PPM

Page 11 of 13 SQL Server – Database Platform Engineering Version 1.0

You might also like